On 19/11/12 02:50, Pccom Frank wrote:
Thank you Andrew!
You are right. Letting FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I cannot get Samba4's Kerberos working.
The following is the message I get when I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I ran
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 507, in <module>
/usr/local/samba/sbin/samba_dnsupdate:     get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate:     creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED



root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct  6 04:49:30 UTC
2012     
[email protected]:/usr/obj/i386.i386/usr/src/sys/GENERIC
  i386


root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks like the DNS server has no problem.

Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett <[email protected]> wrote:

On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
Hi, Samba gurus!

I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
computer to the domain.

What I did is:

1, git clone git://git.samba.org/samba.git samba-master

2, cd /usr/local/samba-master
3, ./configure --enable-debug --enable-selftest && make && make install
4, /usr/local/samba/sbin/samba-tool domain provision
--realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
--server-role=dc
5, cp /usr/local/samba/private/krb.conf /etc
What suggested that you should do this?

6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
This step is not included in any official Samba HOWTO.

8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
The DNS server is kept the same as before.
9, /usr/local/samba/bin/samba -i -M single

I found

"Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
Our KDC cannot start because you enabled a different KDC and it is
listening on port 88 already.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



Hello, is the IP address of the Samba 4 server 192.168.1.1? Because earlier you had a problem connecting to the KDC on 192.168.1.248. If 192.168.1.1 is a different machine, then alter the nameserver line in /etc/resolv.conf to point to either your Samba4 server's IP address or 127.0.0.1.

Rowland
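
The two problems identified in this thread (a base-system KDC enabled in /etc/rc.conf, and a resolver that does not point at the Samba DC) can be checked before starting samba. The script below is an added example, not part of any message in the thread; the function names, the sample files and the use of 192.168.1.248 as the DC address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the checks
# can be run against copies of rc.conf and resolv.conf.

# Print the last value assigned to VAR in an rc.conf-style FILE
# (rc.conf is sourced as shell, so the last assignment wins).
rc_conf_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed if VAR is switched on, using the spellings rc.subr's checkyesno accepts.
rc_conf_enabled() {
    case "$(rc_conf_value "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the first nameserver in FILE is the DC address or loopback.
resolver_points_at() {
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first_ns" = "$2" ] || [ "$first_ns" = "127.0.0.1" ]
}

# Report each problem and return the number found.
preflight() {  # RC_CONF RESOLV_CONF DC_IP (DC_IP is an assumed value)
    problems=0
    for var in kerberos5_server_enable kadmind5_server_enable; do
        if rc_conf_enabled "$1" "$var"; then
            echo "FAIL: $var is on in $1; Samba provides its own KDC, so disable the base-system Kerberos daemons"
            problems=$((problems + 1))
        fi
    done
    if ! resolver_points_at "$2" "$3"; then
        echo "FAIL: first nameserver in $2 is '$first_ns', not $3 or 127.0.0.1"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files mirroring the configuration described in the thread.
tmp=$(mktemp -d)
printf '%s\n' 'hostname="f10"' 'kerberos5_server_enable="YES"' \
    'kadmind5_server_enable="YES"' > "$tmp/rc.conf"
printf '%s\n' 'domain xyz.pccom.ca' 'nameserver 192.168.1.1' > "$tmp/resolv.conf"
preflight "$tmp/rc.conf" "$tmp/resolv.conf" 192.168.1.248 || echo "problems: $?"
```

On a real host, pass /etc/rc.conf, /etc/resolv.conf and the DC's own address instead of the sample files.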

